The installation of surveillance cameras in stores, downtowns, and apartments and the installation of drive recorders in business vehicles have recently become common, and video is increasingly treated as evidence. As a countermeasure for trouble occurring with transactions and support services through telecommunications, it has also become common for vendors to record conversations between customers and operators as evidence.
Currently, when video and audio are used as evidence, videotapes and/or video/audio files are submitted as they are. However, video and audio can be easily falsified and/or edited along with the digitization thereof, and thus, third-party certification such as a signature and a timestamp is required when audio and video are treated as evidence. Products and services for recording telephone operator conversations with timestamps are available and needs for such technology are expected to increase in the future.
In contrast to the increase of surveillance cameras, the protection of privacy with respect to the use of video shot by the cameras has become a problem and is under discussion at the Ministry of Internal Affairs and Communications. Due to the enforcement of the Personal Information Protection Law, the use of personal information of individuals is strictly controlled, and the information has to be disclosed and/or partially deleted if the person requests.
To address the problem of achieving reliability in terms of evidence as well as protecting privacy, research has been progressed on a partial guarantee of the originality of a part of an electronic document and sanitizing signature technology for concealment. In particular, Japanese Patent Application No. 2006-528342, for example, discloses a sanitizing signature technology for electronic documents addressing the problem that a signature applied to a document cannot be verified due to the concealment of a part of the document. Specifically, a method is disclosed in which the content of an electronic document is divided into items, summary data are calculated for each item, and a digital signature is appended to the summary data of the items. The summary data correspond to hash data calculated by a cryptographic one-way hash function and are referred to as a message digest.
This technology enables signature verification even if an electronic document with a signature has been sanitized, and enables third-party certification that no change has been made other than the portions sanitized, changed, and/or added for concealment. This technology is applicable to video/audio data, and Japanese Laid-Open Patent Publication No. 2009-152713, for example, discloses a technology to guarantee the originality of video data and to extract data from a signature subject enabling protection of privacy.
However, if applied to video data recorded in real-time and over a long period, the conventional arts described above cannot certify the originality of video data recorded before the recording stops due to an error, such as a forced powering off of the video recording device.
From the viewpoint of a user who installs the surveillance camera, since important evidence can be included in the video recorded by then, it is desirable for recorded data to be stored with respective certifications. However, it is not until a digital signature functioning as certification is appended through a formal procedure (for example, when the recording stop button is pushed) that the third-party certification for the originality of the video data by the digital signature appended thereto is enabled. When an error occurs, the digital signature process cannot be performed and thus, the third-party certification that falsification has not occurred is also impossible.
As a result, the recorded video and message digests functioning as an indicator of falsification cannot certify that falsification has not occurred. In particular, a countermeasure is necessary for surveillance cameras operating 24 hours a day for 365 days a year, since a forced termination due to power outage, etc., cannot be completely prevented and thus, when the recording will be forcibly terminated cannot be predicted.
Regarding the problem described above, if the video is recorded at, for example, 30 frames per second (fps), 300 frames recorded in 10 seconds may be treated as a unit of guarantee. In this case, even if the recording stops due to an error, the video data recorded up until then can be certified against falsification.
However, in this case, only certification in 300-frame units is possible. It cannot be guaranteed that frames are temporally continuous over blocks, in other words, no malicious/accidental and unauthorized replacement and/or intermediate removal has occurred.